From e1d47a2f17656e1088b53633092ee849d55d2dd2 Mon Sep 17 00:00:00 2001 From: Vamsi krishna Gattupalli Date: Wed, 9 Sep 2020 17:06:35 +0530 Subject: ADSPRPC: Initialize dlerror string Currently dlerrstr is uninitialized. When DSP fails to update dlerrstr string due to any reason, an uninitialized dlerrstr is getting printed which will access beyond 255 bytes. By initializing this string to NULL, we will make sure that we do not access beyond the size allocated even in case of any DSP related failures. CRs-Fixed: 2653730 Change-Id: I2f91fd2c80933f89042366dbe8aceef10b0dfe8e --- src/fastrpc_apps_user.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/src/fastrpc_apps_user.c b/src/fastrpc_apps_user.c index 39c904b..7d159cf 100644 --- a/src/fastrpc_apps_user.c +++ b/src/fastrpc_apps_user.c @@ -90,6 +90,7 @@ #define INVALID_KEY (pthread_key_t)(-1) #define MAX_DMA_HANDLES 256 +#define MAX_DLERRSTR_LEN 255 #define FASTRPC_TRACE_INVOKE_START "fastrpc_trace_invoke_start" #define FASTRPC_TRACE_INVOKE_END "fastrpc_trace_invoke_end" @@ -924,14 +925,20 @@ bail: int remote_handle_close(remote_handle h) { - char dlerrstr[255]; + char *dlerrstr = NULL; int dlerr = 0, nErr = AEE_SUCCESS; + size_t err_str_len = MAX_DLERRSTR_LEN*sizeof(char); - VERIFY(AEE_SUCCESS == (nErr = remotectl_close(h, dlerrstr, sizeof(dlerrstr), &dlerr))); + VERIFYC(NULL != (dlerrstr = (char*)calloc(1, err_str_len)), AEE_ENOMEMORY); + VERIFY(AEE_SUCCESS == (nErr = remotectl_close(h, dlerrstr, err_str_len, &dlerr))); VERIFY(AEE_SUCCESS == (nErr = dlerr)); bail: if (nErr != AEE_SUCCESS) { - FARF(HIGH, "Error %x: remote handle close failed. error %s\n", nErr, dlerrstr); + FARF(HIGH, "Error %x: remote handle close failed. error %s\n", nErr, dlerrstr); + } + if (dlerrstr) { + free(dlerrstr); + dlerrstr = NULL; } return nErr; } -- cgit v1.2.3